program:
r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100024286bd10b00d815522f90102030109021200019ddb10010904"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, &(0x7f0000000180)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$I2C(&(0x7f00000000c0), 0xc, 0x88000)
r2 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/wireless\x00')
preadv(r2, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/45, 0x2d}, {&(0x7f0000000040)=""/118, 0x76}], 0x2, 0x1, 0x3)
ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000001800)={0x1, 0x7, 0x0, &(0x7f00000017c0)={0x11, "4ec0191e5bb45b08c198882717c44bc749b1cc22a10010115d6d00"}})
syz_usb_connect(0x5, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100024286bd10b00d815522f90102030109021200019ddb10010904"], 0x0) (async)
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, &(0x7f0000000180)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0) (async)
syz_open_dev$I2C(&(0x7f00000000c0), 0xc, 0x88000) (async)
syz_open_procfs(0x0, &(0x7f00000004c0)='net/wireless\x00') (async)
preadv(r2, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/45, 0x2d}, {&(0x7f0000000040)=""/118, 0x76}], 0x2, 0x1, 0x3) (async)
ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000001800)={0x1, 0x7, 0x0, &(0x7f00000017c0)={0x11, "4ec0191e5bb45b08c198882717c44bc749b1cc22a10010115d6d00"}}) (async)

[   87.297995][ T5295] Bluetooth: hci0: command tx timeout
[   87.459175][ T1370] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   87.607717][ T1370] usb 5-1: Using ep0 maxpacket: 16
[   87.616456][ T1370] usb 5-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22
[   87.620710][ T1370] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   87.624268][ T1370] usb 5-1: Product: syz
[   87.626182][ T1370] usb 5-1: Manufacturer: syz
[   87.629126][ T1370] usb 5-1: SerialNumber: syz
[   87.851987][ T1370] usb 5-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state
[   87.868540][ T1370] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[   87.873299][ T1370] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0)
[   87.879410][ T1370] usb 5-1: media controller created
[   87.894308][ T1370] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   88.051219][ T5332] warning: `syz.0.0' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   88.122237][ T5333] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   88.129576][ T1370] zl10353_read_register: readreg error (reg=127, ret==-32)
[   88.136073][ T5332] ------------[ cut here ]------------
[   88.138747][ T5332] usb 5-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0
[   88.142653][ T5332] WARNING: drivers/usb/core/urb.c:413 at usb_submit_urb+0x1053/0x18b0, CPU#0: syz.0.0/5332
[   88.146953][ T5332] Modules linked in:
[   88.148851][ T5332] CPU: 0 UID: 0 PID: 5332 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   88.152875][ T5332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   88.157165][ T5332] RIP: 0010:usb_submit_urb+0x1115/0x18b0
[   88.159742][ T5332] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c1 f2 ff ff 89 e9
[   88.169668][ T5332] RSP: 0018:ffffc900056d7608 EFLAGS: 00010246
[   88.172395][ T5332] RAX: 0000000000000000 RBX: ffff8880340e7700 RCX: 0000000080000280
[   88.175880][ T5332] RDX: ffff888011d19420 RSI: ffffffff8c80d7e0 RDI: ffffffff903db390
[   88.180024][ T5332] RBP: 1ffff11007ebfcfc R08: 00000000000000c0 R09: 0000000000000000
[   88.183561][ T5332] R10: ffffc900056d7700 R11: fffff52000adaeec R12: ffff88801257e100
[   88.187193][ T5332] R13: ffff88803f5fe7e0 R14: 0000000080000280 R15: ffff888011d19420
[   88.190694][ T5332] FS:  00007f93e868f6c0(0000) GS:ffff88808c893000(0000) knlGS:0000000000000000
[   88.194535][ T5332] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   88.197462][ T5332] CR2: 0000563948b3a010 CR3: 000000001225d000 CR4: 0000000000352ef0
[   88.201170][ T5332] Call Trace:
[   88.202745][ T5332]  <TASK>
[   88.204135][ T5332]  ? __init_swait_queue_head+0xa9/0x150
[   88.207041][ T5332]  usb_start_wait_urb+0x13f/0x5b0
[   88.209572][ T5332]  ? __pfx_usb_start_wait_urb+0x10/0x10
[   88.212052][ T5332]  usb_control_msg+0x234/0x3e0
[   88.214204][ T5332]  gl861_ctrl_msg+0x207/0x420
[   88.216366][ T5332]  ? __pfx_gl861_ctrl_msg+0x10/0x10
[   88.218838][ T5332]  gl861_i2c_master_xfer+0x439/0x6a0
[   88.221175][ T5332]  ? rcu_is_watching+0x15/0xb0
[   88.223243][ T5332]  __i2c_transfer+0x79a/0x1f70
[   88.225466][ T5332]  __i2c_smbus_xfer+0x1146/0x2050
[   88.227916][ T5332]  ? __pfx___i2c_smbus_xfer+0x10/0x10
[   88.230261][ T5332]  ? rt_mutex_lock_nested+0x170/0x1e0
[   88.232660][ T5332]  ? do_vfs_ioctl+0x1166/0x1530
[   88.234883][ T5332]  i2c_smbus_xfer+0x1f4/0x310
[   88.236973][ T5332]  i2cdev_ioctl_smbus+0x1e7/0x730
[   88.239316][ T5332]  ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[   88.241715][ T5332]  i2cdev_ioctl+0x615/0x880
[   88.243938][ T5332]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   88.246342][ T5332]  ? __fget_files+0x2a/0x420
[   88.248483][ T5332]  ? __fget_files+0x3a0/0x420
[   88.250862][ T5332]  ? bpf_lsm_file_ioctl+0x9/0x20
[   88.253214][ T5332]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   88.255497][ T5332]  __se_sys_ioctl+0xfc/0x170
[   88.257684][ T5332]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.260125][ T5332]  do_syscall_64+0x174/0x580
[   88.262218][ T5332]  ? trace_irq_disable+0x3b/0x140
[   88.264443][ T5332]  ? clear_bhb_loop+0x40/0x90
[   88.266541][ T5332]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.269151][ T5332] RIP: 0033:0x7f93e779ce59
[   88.270981][ T5332] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   88.278947][ T5332] RSP: 002b:00007f93e868efe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   88.282054][ T5332] RAX: ffffffffffffffda RBX: 00007f93e7a15fa0 RCX: 00007f93e779ce59
[   88.285333][ T5332] RDX: 0000200000001800 RSI: 0000000000000720 RDI: 0000000000000004
[   88.288989][ T5332] RBP: 00007f93e7832d6f R08: 0000000000000000 R09: 0000000000000000
[   88.292475][ T5332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   88.305361][ T5332] R13: 00007f93e7a16038 R14: 00007f93e7a15fa0 R15: 00007ffce9db3258
[   88.311344][ T5332]  </TASK>
[   88.312662][ T5332] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   88.316023][ T5332] CPU: 0 UID: 0 PID: 5332 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   88.320048][ T5332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   88.324640][ T5332] Call Trace:
[   88.326232][ T5332]  <TASK>
[   88.327573][ T5332]  vpanic+0x56c/0xa60
[   88.329529][ T5332]  ? __pfx__printk+0x10/0x10
[   88.331672][ T5332]  ? __pfx_vpanic+0x10/0x10
[   88.333798][ T5332]  ? is_bpf_text_address+0x292/0x2b0
[   88.336211][ T5332]  ? is_bpf_text_address+0x26/0x2b0
[   88.338538][ T5332]  panic+0xc5/0xd0
[   88.340174][ T5332]  ? __pfx_panic+0x10/0x10
[   88.342215][ T5332]  __warn+0x315/0x4c0
[   88.344071][ T5332]  ? usb_submit_urb+0x1053/0x18b0
[   88.346336][ T5332]  ? usb_submit_urb+0x1053/0x18b0
[   88.348617][ T5332]  __report_bug+0x29a/0x540
[   88.350693][ T5332]  ? usb_submit_urb+0x1053/0x18b0
[   88.352954][ T5332]  ? __pfx___report_bug+0x10/0x10
[   88.355195][ T5332]  ? usb_submit_urb+0x111a/0x18b0
[   88.357324][ T5332]  report_bug_entry+0x19a/0x290
[   88.359440][ T5332]  ? usb_submit_urb+0x1115/0x18b0
[   88.361632][ T5332]  ? usb_submit_urb+0x111a/0x18b0
[   88.363788][ T5332]  handle_bug+0xce/0x200
[   88.365582][ T5332]  exc_invalid_op+0x1a/0x50
[   88.367576][ T5332]  asm_exc_invalid_op+0x1a/0x20
[   88.369583][ T5332] RIP: 0010:usb_submit_urb+0x1115/0x18b0
[   88.371850][ T5332] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c1 f2 ff ff 89 e9
[   88.379760][ T5332] RSP: 0018:ffffc900056d7608 EFLAGS: 00010246
[   88.382497][ T5332] RAX: 0000000000000000 RBX: ffff8880340e7700 RCX: 0000000080000280
[   88.385887][ T5332] RDX: ffff888011d19420 RSI: ffffffff8c80d7e0 RDI: ffffffff903db390
[   88.389225][ T5332] RBP: 1ffff11007ebfcfc R08: 00000000000000c0 R09: 0000000000000000
[   88.392448][ T5332] R10: ffffc900056d7700 R11: fffff52000adaeec R12: ffff88801257e100
[   88.395850][ T5332] R13: ffff88803f5fe7e0 R14: 0000000080000280 R15: ffff888011d19420
[   88.400050][ T5332]  ? usb_submit_urb+0x10a4/0x18b0
[   88.402959][ T5332]  ? __init_swait_queue_head+0xa9/0x150
[   88.406092][ T5332]  usb_start_wait_urb+0x13f/0x5b0
[   88.408908][ T5332]  ? __pfx_usb_start_wait_urb+0x10/0x10
[   88.411930][ T5332]  usb_control_msg+0x234/0x3e0
[   88.414177][ T5332]  gl861_ctrl_msg+0x207/0x420
[   88.416397][ T5332]  ? __pfx_gl861_ctrl_msg+0x10/0x10
[   88.418697][ T5332]  gl861_i2c_master_xfer+0x439/0x6a0
[   88.421094][ T5332]  ? rcu_is_watching+0x15/0xb0
[   88.423267][ T5332]  __i2c_transfer+0x79a/0x1f70
[   88.425475][ T5332]  __i2c_smbus_xfer+0x1146/0x2050
[   88.427731][ T5332]  ? __pfx___i2c_smbus_xfer+0x10/0x10
[   88.430088][ T5332]  ? rt_mutex_lock_nested+0x170/0x1e0
[   88.432418][ T5332]  ? do_vfs_ioctl+0x1166/0x1530
[   88.434759][ T5332]  i2c_smbus_xfer+0x1f4/0x310
[   88.436894][ T5332]  i2cdev_ioctl_smbus+0x1e7/0x730
[   88.438992][ T5332]  ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[   88.441351][ T5332]  i2cdev_ioctl+0x615/0x880
[   88.443353][ T5332]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   88.445663][ T5332]  ? __fget_files+0x2a/0x420
[   88.447672][ T5332]  ? __fget_files+0x3a0/0x420
[   88.449783][ T5332]  ? bpf_lsm_file_ioctl+0x9/0x20
[   88.451954][ T5332]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   88.454141][ T5332]  __se_sys_ioctl+0xfc/0x170
[   88.456122][ T5332]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.458807][ T5332]  do_syscall_64+0x174/0x580
[   88.460794][ T5332]  ? trace_irq_disable+0x3b/0x140
[   88.463046][ T5332]  ? clear_bhb_loop+0x40/0x90
[   88.465171][ T5332]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.467738][ T5332] RIP: 0033:0x7f93e779ce59
[   88.469700][ T5332] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   88.478009][ T5332] RSP: 002b:00007f93e868efe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   88.481628][ T5332] RAX: ffffffffffffffda RBX: 00007f93e7a15fa0 RCX: 00007f93e779ce59
[   88.485009][ T5332] RDX: 0000200000001800 RSI: 0000000000000720 RDI: 0000000000000004
[   88.488422][ T5332] RBP: 00007f93e7832d6f R08: 0000000000000000 R09: 0000000000000000
[   88.491812][ T5332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   88.495197][ T5332] R13: 00007f93e7a16038 R14: 00007f93e7a15fa0 R15: 00007ffce9db3258
[   88.498521][ T5332]  </TASK>
[   88.500234][ T5332] Kernel Offset: disabled
[   88.502123][ T5332] Rebooting in 86400 seconds..